WebSocket Authorization requires policy to contain a context #1471
Comments
aardvarkk
added a commit
to aardvarkk/serverless-offline
that referenced
this issue
Jun 7, 2022
- Fixes dherault#1471 - The policy's context should be *optional*, but the code crashed if the context wasn't provided - Followed a model similar to createAuthScheme where the context is properly checked for existence before being validated and used - Add a test to verify the websocket authorizer works when the policy doesn't contain a context. This test fails with the existing code. - Un-skipped the tests so they're actually run and verified the test now passes.
dnalborczyk
pushed a commit
that referenced
this issue
Jun 14, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug Report
When using a custom authorizer for a websocket, I was returning a policy that didn't contain a
contextvalue. It is marked as optional here. Serverless offline would return a 500 error code despite claiming that authorization was successful.Current Behavior
Logs show
offline: Authorization function returned a successful response: (λ: websocketAuthorize), but the caller receives back a 500 and the websocket does not connect.Expected behavior/code
The server should successfully connect without the optional auth response containing a context.
Possible Solution
I will submit a PR to fix this.
Workaround
Provide an empty object as a context instead of leaving it undefined.
The text was updated successfully, but these errors were encountered: